-- Supun Malinga Sent from my phone. On 23 May 2013 04:06, "Shariq Muhammed" <[email protected]> wrote: > > On Sun, May 19, 2013 at 8:46 PM, Afkham Azeez <[email protected]> wrote: >> >> >> >> On Mon, May 20, 2013 at 8:04 AM, Supun Malinga <[email protected]> wrote: >>> >>> Hi Guys, >>> >>> For C5 I think we need to permanently fix the CC related issues. This includes both the API related issues we have and the user level issues that pops up time to time like this. Please make sure we achieve that. >> >> >> This can't wait until C5. It has to be fixed ASAP. > > > Yup true, from what I have seen at time ThreadLocal CC works as expected and other times CC based on MessageContext seems to be the right way. Having toiled with the CC API from time to time, I still am not always quite sure when to use what or if its the correct/expected behavior etc .! > > During the last Stratos release Sinthuja did some changes to give priority to ThreadLocal CC (after discussing with the team of course) but we ultimately had to revert it because certain aspects were broken (login with Basic Auth - discussion at - "[Dev] UserRegistry sends null to JDBCAuthorizationManager"). Bottom line is the CC API is not as robust as we would like it to be, we should put some thought into getting the API cleaned up. One major issue when it comes tinkering with CC API is that its crosscutting nature and some issue showing up only for very specific cases. Anyway we need to give it some thought, in C5 at the very least.
Yeah! :-) > >> >>> >>> >>> thanks, >>> >>> >>> On Tue, May 14, 2013 at 6:14 PM, Sanjeewa Malalgoda <[email protected]> wrote: >>>> >>>> This issue happens because of the way we retrieve tenant id from message context. After getting it from thread local carbon context everything worked as expected. Thanks azeez for your help to sort this out. >>>> >>>> PrivilegedCarbonContext.getCurrentContext(messageContext).getTenantDomain() >>>> >>>> Changed as >>>> >>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain() >>>> >>>> >>>> Thanks >>>> Sanjeewa >>>> >>>> >>>> On Tue, May 14, 2013 at 10:20 AM, Sanjeewa Malalgoda <[email protected]> wrote: >>>>> >>>>> Any update on this please. >>>>> >>>>> >>>>> On Mon, May 13, 2013 at 6:58 PM, Sanjeewa Malalgoda <[email protected]> wrote: >>>>>> >>>>>> HI All, >>>>>> In api manager publisher we publish APIs to gateway node(separate API manager node). After we logged in to API publisher node we can create new API and publish it to gateway. Problem happens only when we publish API for first time. When error occurs i can see following log at gateway node. No any other logs at gateway. >>>>>> >>>>>> WARN - ActivationHandler Failed attempt to access WSO2 API Manager by tenant 1 >>>>>> >>>>>> Inside activation handler invoke method following code block get executes. Ideally it should return as call gateway node with super tenant admin credentials. But i can see 2 times tenant ID comes and super tenant id and 3rd time its tenant id of API creator. >>>>>> >>>>>> if (tenantId == MultitenantConstants.SUPER_TENANT_ID) { >>>>>> log.debug("Granted access for super tenant"); >>>>>> return InvocationResponse.CONTINUE; >>>>>> } >>>>>> >>>>>> We deploy API by using rest API admin client. There we execute following code block. Tenant domain pass along with admin service call and used by rest API admin client. >>>>>> >>>>>> try { >>>>>> PrivilegedCarbonContext.startTenantFlow(); >>>>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, >>>>>> true); >>>>>> APIData data = getApiByName(apiName); >>>>>> return data; >>>>>> } finally { >>>>>> PrivilegedCarbonContext.endTenantFlow(); >>>>>> } >>>>>> >>>>>> These components are widely used in other products as well. Please note that this happens only at very first deployment call and we cant see it after that(until restart server). This is a blocker for upcoming API manager release. Here we have 2 options. >>>>>> 01. forcefully activate tenant in gateway node. >>>>>> 02. Avoid set tenant id in activation handler. >>>>>> >>>>>> What is the purpose of having this activation handler? I can recall sometimes back we decided to activate all services for all tenants. WDYT? >>>>>> >>>>>> Thanks, >>>>>> Sanjeewa. >>>>>> >>>>>> -- >>>>>> Sanjeewa Malalgoda >>>>>> WSO2 Inc. >>>>>> Mobile : +14084122175 | +94713068779 >>>>>> >>>>>> blog :http://sanjeewamalalgoda.blogspot.com/ >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Sanjeewa Malalgoda >>>>> WSO2 Inc. >>>>> Mobile : +14084122175 | +94713068779 >>>>> >>>>> blog :http://sanjeewamalalgoda.blogspot.com/ >>>> >>>> >>>> >>>> >>>> -- >>>> Sanjeewa Malalgoda >>>> WSO2 Inc. >>>> Mobile : +14084122175 | +94713068779 >>>> >>>> blog :http://sanjeewamalalgoda.blogspot.com/ >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>> >>> >>> >>> -- >>> Supun Malinga, >> >> >> >> >> -- >> Afkham Azeez >> Director of Architecture; WSO2, Inc.; http://wso2.com >> Member; Apache Software Foundation; http://www.apache.org/ >> >> email: [email protected] cell: +94 77 3320919 >> blog: http://blog.afkham.org >> twitter: http://twitter.com/afkham_azeez >> linked-in: http://lk.linkedin.com/in/afkhamazeez >> >> Lean . Enterprise . Middleware >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > > -- > Thanks, > Shariq. > Phone: +94 777 202 225
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
